Skill v3.1.5
ClawScan security
Temp Test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 4:18 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The runtime instructions are just filler text (a harmless demo), but the package also contains a full 'jarvis-core' manifest and large README that claim broad permissions and automatic activation—those pieces conflict and need clarification before installing.
- Guidance: This package is ambiguous: the SKILL.md is harmless filler, but the included clawhub.json and README describe a very different, high-privilege Jarvis Core skill. Before installing, ask the publisher which files are authoritative and why the manifest claims file read/write and script execution while the skill declares none. If you proceed, do so in an isolated environment and require the publisher to: (1) provide an explicit, consistent SKILL.md that documents runtime behavior; (2) clarify and minimize requested permissions; (3) remove unrelated manifests or split the Jarvis Core material into its own package. Do not install on production agents until those inconsistencies are resolved.
Review Dimensions
- Purpose & Capability: concern. The skill metadata and SKILL.md present this as a minimal 'temp test' demo. However the included clawhub.json and README describe a full-featured 'Jarvis Core' skill (cross-session memory, file I/O, execute scripts, activation triggers). Those capabilities are not reflected in the declared requirements (no env, no binaries, no install). This mismatch is unexplained and disproportionate to the stated 'demo' purpose.
- Instruction Scope: concern. The SKILL.md (the runtime instructions) contains only repeated filler text and does not instruct any file access or network calls. But the README and clawhub.json enumerate file paths (~/self-improving/, ~/.tiered-recall/, etc.), persistent storage, and runtime behaviors. That suggests either the real runtime instructions are missing/hidden or the package includes unrelated documentation/manifest. The SKILL.md itself is scoped to a demo, but the other files expand scope unexpectedly.
- Install Mechanism: ok. No install spec and no code files are present, so nothing will be written or executed by an installer. From an install-mechanism perspective this is low risk — however the presence of an unrelated manifest/README increases ambiguity about intended behavior.
- Credentials: concern. Declared requirements are empty (no env vars, no primary credential). Yet clawhub.json claims permissions like read:files, write:files, execute:scripts and activation triggers. Those permissions (file I/O and script execution) are disproportionate relative to the skill's advertised 'temp test' purpose and to the SKILL.md content.
- Persistence & Privilege: concern. The registry-level flags show always:false, but clawhub.json contains 'activation.auto': true and session/heartbeat triggers and workspace-scoped permissions. If the platform honors clawhub.json, that would grant the skill automatic activation and file/script privileges. The inconsistency between registry metadata and the embedded manifest is a red flag.
